SlideShare a Scribd company logo

Vulnerability assessment and penetration testing

A
AdpesolUsi

Vulnerability assessment Dan penetration testing

Technology
1 of 35
Download to read offline
Vulnerability Assessment Penetration Testing (VAPT)
Company 2 PT Digital Jagad Nusantara (DJN) is an Information Technology (IT) company that specializes in cyber security services for all pillars of ISO27001 and NIST Cyber Security Framework. DJN focus to provide you with the best services in the realms of Vulnerability Assessment & Penetration Testing, Security Operation Center (SOC) service providers since 2018. https://digitaljagadnusantara.com/
Our Assessment based on Center of Internet Security (CIS) provides well-defined, un-biased and consensus-based industry best practices. Open Source Security Testing Methodology Manual (OSSTMM) covers security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics Information System Security Assessment Framework (ISSAF) structured framework that categorizes information system security assessment into various domains & details specific evaluation Web Application Security Project (OWASP) . penetration testing guide that describes techniques for testing most common web application, web service and mobile security issues. SANS Institute Critical Security Controls. Recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks 3
hacker quotes ! 4
Application Penetration Testing – OWASP Methodology 1. INFORMATION GATHERING 2. CONFIGURATI ON AND DEPLOYMENT MANAGEMENT TESTING 3. IDENTITY MANAGEMENT TESTING 1. AUTHENTICATI ON TESTING 2. AUTHORIZATI ONTESTING 3. SESSION MANAGEMENT TESTING 1. INPUT VALIDATION TESTING 2. TESTING FOR ERROR HANDLING 3. TESTING FOR WEAK CRYPTOGRAPHY 4. BUSINESS LOGIC TESTING 5
OWASP standard has been adopted the international community as a standard for penetration testing. We Group will OWASP testing methodology for Web Application penetration testing which covers the following activities:
Use Case Pentest 7
8
Scope of Work Black Box Penetration Test : 1. Website 2. Web Application 3. Mobile App 4. FrontEnd (General) Assesment Vulnerability Gray Box Penetration Test : 1. Website 2. Web Application 3. Mobile App 4. FrontEnd (General) Assesment Vulnerability White box - 9
Approach and Methodology
Pentest Report (Delivery Out) 11 A penetration test report is the output of a technical security risk assessment that acts as a reference for business and technical teams. It serves multiple benefits in addition to a team’s internal vulnerability management process. Based on the sensitivity and business relationships, a report is used as a piece of evidence for product security assurance.
Action to Do 12
Experience Acknowledge Report 13
14 MOBILE Penetration Testing of Ezeelink, February 2019 Penetration Tester on Android Mobile Application, and Web Application (API). Penetration Testing of BNI TapCash Go, October 2019 Penetration Tester on Android Mobile Application. Penetration Testing of BPRS Dhinar Asri, August 2020 Technical Writer and Penetration Tester on Web Application and Infrastructure.
15 DESKTOP PROJECT December 2019 --------- Acknowledged By Kaodim Got Acknowledged by kaodim.com Security Team for locating a security vulnerability in their web application. April 2019 --------- Acknowledged By PegiPegi.com Got Acknowledged by PegiPegi Security Team for locating a security vulnerability in their web application. Penetration Testing of BPJS Kesehatan, Oktober 2020 Penetration Tester on Web Application.
THANKS! Any questions? You can find me at: indra.maulana@adps.co.id 081322823396 16
2. EXTRA RESOURCES Certification
Aulia Asbi Indra Wahyu Putra Bilal
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testing

Recommended

IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
VSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service ProfileVSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service ProfileVietnamese Network Security J.S.C
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsRam G Athreya
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 

Recommended

IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
VSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service ProfileVSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service ProfileVietnamese Network Security J.S.C
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsRam G Athreya
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
Appknox Enterprise Offerings
Appknox Enterprise OfferingsAppknox Enterprise Offerings
Appknox Enterprise OfferingsAppknox
 
Umapathi_Resume
Umapathi_ResumeUmapathi_Resume
Umapathi_Resumeumapathi raja
 
Resume of Naresh Raghupatruni
Resume of Naresh RaghupatruniResume of Naresh Raghupatruni
Resume of Naresh RaghupatruniNaresh Kumar Raghupatruni
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutionsguest609a5ed
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And SolutionsHannan Ahmed
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management SystemIRJET Journal
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentationaksit_services
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile finalSaurabh Kumar
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Daniel L. Cruz
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...IJECEIAES
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Website Security Service.pdf
Website Security Service.pdfWebsite Security Service.pdf
Website Security Service.pdfBriskinfosec Technology and Consulting
 
Security Testing
Security TestingSecurity Testing
Security TestingPratham Software (PSI)
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Ownux Global June 2023
Ownux Global June 2023Ownux Global June 2023
Ownux Global June 2023Bella Nirvana Center
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 

More Related Content

Similar to Vulnerability assessment and penetration testing

Appknox Enterprise Offerings
Appknox Enterprise OfferingsAppknox Enterprise Offerings
Appknox Enterprise OfferingsAppknox
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutionsguest609a5ed
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And SolutionsHannan Ahmed
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management SystemIRJET Journal
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentationaksit_services
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Daniel L. Cruz
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...IJECEIAES
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 

Similar to Vulnerability assessment and penetration testing (20)

Appknox Enterprise Offerings
Appknox Enterprise OfferingsAppknox Enterprise Offerings
Appknox Enterprise Offerings
 
Umapathi_Resume
Umapathi_ResumeUmapathi_Resume
Umapathi_Resume
 
Resume of Naresh Raghupatruni
Resume of Naresh RaghupatruniResume of Naresh Raghupatruni
Resume of Naresh Raghupatruni
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile final
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
Website Security Service.pdf
Website Security Service.pdfWebsite Security Service.pdf
Website Security Service.pdf
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
 
Ownux Global June 2023
Ownux Global June 2023Ownux Global June 2023
Ownux Global June 2023
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 

Recently uploaded

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentationyogeshlabana357357
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimaginedpanagenda
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistandanishmna97
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfalexjohnson7307
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxjbellis
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 

Recently uploaded (20)

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistan
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 

Vulnerability assessment and penetration testing

  • 2. Company 2 PT Digital Jagad Nusantara (DJN) is an Information Technology (IT) company that specializes in cyber security services for all pillars of ISO27001 and NIST Cyber Security Framework. DJN focus to provide you with the best services in the realms of Vulnerability Assessment & Penetration Testing, Security Operation Center (SOC) service providers since 2018. https://digitaljagadnusantara.com/
  • 3. Our Assessment based on Center of Internet Security (CIS) provides well-defined, un-biased and consensus-based industry best practices. Open Source Security Testing Methodology Manual (OSSTMM) covers security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics Information System Security Assessment Framework (ISSAF) structured framework that categorizes information system security assessment into various domains & details specific evaluation Web Application Security Project (OWASP) . penetration testing guide that describes techniques for testing most common web application, web service and mobile security issues. SANS Institute Critical Security Controls. Recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks 3
  • 5. Application Penetration Testing – OWASP Methodology 1. INFORMATION GATHERING 2. CONFIGURATI ON AND DEPLOYMENT MANAGEMENT TESTING 3. IDENTITY MANAGEMENT TESTING 1. AUTHENTICATI ON TESTING 2. AUTHORIZATI ONTESTING 3. SESSION MANAGEMENT TESTING 1. INPUT VALIDATION TESTING 2. TESTING FOR ERROR HANDLING 3. TESTING FOR WEAK CRYPTOGRAPHY 4. BUSINESS LOGIC TESTING 5
  • 6. OWASP standard has been adopted the international community as a standard for penetration testing. We Group will OWASP testing methodology for Web Application penetration testing which covers the following activities:
  • 8. 8
  • 9. Scope of Work Black Box Penetration Test : 1. Website 2. Web Application 3. Mobile App 4. FrontEnd (General) Assesment Vulnerability Gray Box Penetration Test : 1. Website 2. Web Application 3. Mobile App 4. FrontEnd (General) Assesment Vulnerability White box - 9
  • 11. Pentest Report (Delivery Out) 11 A penetration test report is the output of a technical security risk assessment that acts as a reference for business and technical teams. It serves multiple benefits in addition to a team’s internal vulnerability management process. Based on the sensitivity and business relationships, a report is used as a piece of evidence for product security assurance.
  • 14. 14 MOBILE Penetration Testing of Ezeelink, February 2019 Penetration Tester on Android Mobile Application, and Web Application (API). Penetration Testing of BNI TapCash Go, October 2019 Penetration Tester on Android Mobile Application. Penetration Testing of BPRS Dhinar Asri, August 2020 Technical Writer and Penetration Tester on Web Application and Infrastructure.
  • 15. 15 DESKTOP PROJECT December 2019 --------- Acknowledged By Kaodim Got Acknowledged by kaodim.com Security Team for locating a security vulnerability in their web application. April 2019 --------- Acknowledged By PegiPegi.com Got Acknowledged by PegiPegi Security Team for locating a security vulnerability in their web application. Penetration Testing of BPJS Kesehatan, Oktober 2020 Penetration Tester on Web Application.
  • 16. THANKS! Any questions? You can find me at: indra.maulana@adps.co.id 081322823396 16